Threat actors have already begun exploiting a serious flaw in Owl Labs’ video conferencing equipment that was patched earlier this week. The flaw, tracked as CVE-2022-31460 (CVSS 7.4), can be used to turn a vulnerable device into a rogue access point for the Wi-Fi network it is connected to.
The problem affects Owl Labs’ Meeting Owl Pro and Whiteboard Owl devices: in access point (AP) mode, the devices do not disconnect from the Wi-Fi network and instead begin routing all traffic to it.
The vulnerability was identified by security experts at Modzero, who also revealed that the video conferencing devices create their AP with the hardcoded passcode “hoothoot,” and that an attacker within Bluetooth range can exploit the flaw without authentication. Owners of Meeting Owl Pro and Whiteboard Owl video conferencing equipment are advised to update to firmware version 18.104.22.168 as soon as possible.